- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Fri, 27 Feb 2015 16:14:26 -0500
- To: public-webpayments-comments@w3.org
On 02/27/2015 04:44 AM, Anders Rundgren wrote: > That is, the card is never directly exposed to potentially malicious > merchant code. Except in the case of some of the more recent merchant store breaches. :) > Now if you rather go to the Web, you'll find that the entire concept > "Trusted Code" is missing! It is... because it's a really, really hard problem to solve, and there are multiple layers of what "trusted" could mean. > Strong authentication to specific domains (like U2F) compensate for > this deficiency at the expense of user experience and limited > flexibility when it comes to provider selection. So, what's the solution? :) I ask because I don't think many people will argue that there isn't a problem. Your comments above are very broad brush, so there's not much actionable in this email, what is the point you're trying to make and the action you'd like the group to take? -- manu -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc. blog: High-Stakes Credentials and Web Login http://manu.sporny.org/2014/identity-credentials/
Received on Friday, 27 February 2015 21:14:48 UTC